pfring-7.0.0-1976.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically
improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1976.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically
improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels was added for
Fmem:
4.16.12-300 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels was added for
LiME:
4.16.12-300 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels was added for
Fmem:
4.16.12-200 for FC27
4.16.11-200 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels was added for
LiME:
4.16.12-200 for FC27
4.16.11-200 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels was added for
Fmem:
4.16.11-100 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels was added for
LiME:
4.16.11-100 for FC26
libfixbuf{,-devel}-2.0.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Libfixbuf
is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101).
See here for the list of changes.
libschemaTools{,-devel}-1.3-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and libschemaTools{,-devel}-1.3-1.el7.x86_64.rpm -
libschemaTools is a library that provides a standard representation of data records.
It is built on fixbuf, using IPFIX information elements.
It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source.
SchemaTools removes the need for the processing application to know the details of how to retrieve data or the structure of the records.
See here for the list of changes for this release.
This package was rebuilt to use libfixbuf 2.0.0.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.17.1-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.17.1-2.{fc22,fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.17.1-2.{el6,el7}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
silk-ipset-{devel,lib,tools}-3.17.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset
distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA).
The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses.
SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite.
Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
prism-1.2-4.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - The prism
trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This is a new release keeping up with the latest SiLK 3 tools.
super_mediator-1.6.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and super_mediator-1.6.0-1.el7.x86_64.rpm -
Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF.
See here for the list of changes for this release.
yaf{,-devel}-2.10.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.10.0-1.el7.x86_64.rpm -
Yaf is Yet Another Flowmeter, a suite of tools to do flow metering.
Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter.
It aggregates these packets into flows and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring.
analysis-pipeline-5.8-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.8-1.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.17.1 and libfixbuf 2.0.0.
Fedora 22 - Updates to Fedora 22 for both the i686 and x86_64 CPU architectures have ceased.